Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

openclaw-crm

v1.0.0

Local-first CRM for managing leads, deals, follow-ups, and pipelines via CLI using SQLite with WAL mode.

0· 563·0 current·0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name, description and included code (SQLite-backed CLI; contacts, deals and follow-ups; reports; backup/restore) are consistent with each other. No unexpected external credentials, binaries or network clients are requested. However, the README and the comments in the interchange code disagree about what the interchange files contain: one asserts that the 'ops' outputs hold no deal values or contact information, while the code writes state/deal files that include contact emails and deal values. This is a design/policy inconsistency worth noting.
Instruction Scope
SKILL.md instructs the agent to run `npm install` and `node src/cli.js refresh` and to use an exec tool to run CLI commands. That is expected for a CLI skill, but the code also writes Markdown 'interchange' files into an interchange/ directory, and the state/deals files it writes include contact names, emails and deal values, so anything that can read the workspace/interchange path receives that data. In addition, src/interchange.js imports writeMd from '../../interchange/src/index.js', a relative path outside the package that will fail to resolve at runtime unless something is present at that location. The mismatch between the documentation, the filesystem layout and the imports should be validated before use.
Install Mechanism
There is no formal install spec in the registry metadata (instruction-only skill), but SKILL.md and package.json require running `npm install`. The dependencies are ordinary npm packages (better-sqlite3, commander, uuid) and a package-lock.json is included. Installing fetches from the public npm registry, and better-sqlite3 may compile native artifacts; that is common, but it means extra caution (build tools, native binaries). No downloads from obscure URLs were observed.
Credentials
The skill declares no required environment variables or credentials and the code doesn't read external secrets. That aligns with a local-first CRM.
Persistence & Privilege
The skill is not marked always:true and does not request elevated platform privileges. It writes files under its own data/ and interchange/ paths and copies database files for backups, which is normal for a local CLI tool.
What to consider before installing
Before installing:
1) Inspect the interchange behavior. src/interchange.js writes state/deals .md files that include contact names, emails and deal values. If your workspace/interchange directory is shared with other agents or users, this exposes PII and monetary data. If you do not want that, modify or disable the refresh/write functions.
2) Verify that the referenced writeMd import (../../interchange/src/index.js) exists in your environment, or replace it with a local writer; the relative import will fail unless an interchange package is present at that path.
3) Run npm install in an isolated environment or container: better-sqlite3 builds native modules and may require build tools.
4) Audit the dependencies (npm audit) and review package-lock.json for unexpected packages.
5) Be aware that backups copy the .db, .wal and .shm files; secure those files and their destinations.
6) If you plan to let agents run this autonomously, explicitly confirm which interchange files will be published and who or what can read workspace/interchange; the code currently writes sensitive state data that other agents could pick up. The writes live in src/interchange.js, and redacting the contact and deal fields before they are written is a small edit.

Like a lobster shell, security has layers — review code before you run it.

latest · vk97b5zmxkb43cx1x0ejzqb0nth81g7hc
